Return to Threats

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

thehackernews.com 2026-07-16 SaaS AI risk High

What Happened

n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token from issuer A carrying a sub that belongs to someone under issuer B logged you in as them. Their password never

Why It Matters

The article reports CVE-2026-59208, a flaw in n8n’s Enterprise token-exchange feature where instances trusting multiple external issuers matched users only on the JWT sub claim and ignored the iss claim, allowing a valid token from issuer A with a victim’s sub from issuer B to log in as that victim.[1][2][3] This affects n8n versions below 2.27.4 and 2.28.0, with fixes in 2.27.4 and 2.28.1, and is only reachable when token exchange is enabled and multiple issuers are configured.[1][2][3] From a RealGround perspective, this is a SaaS AI risk and supply-chain authentication flaw that can lead to account takeover in automation platforms integrated with AI and other critical services; organizations should update to fixed versions, restrict trusted issuers, and inventory n8n usage within their AI and SaaS stack to ensure that workflows and AI integrations relying on n8n are not exposed to cross-issuer account hijacking.

Healthcare Fintech SaaS SMB AI startups

RealGround Analysis

This signal maps to SaaS AI risk. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/07/n8n-token-exchange-flaw-could-let.html

Talk to AI CISO